From 1d865b2111d9dec4d21488acd7af3223bf3b0fc4 Mon Sep 17 00:00:00 2001
From: Pawel Krawczyk
Date: Wed, 7 Jan 2015 10:13:25 +0000
Subject: [PATCH] make rules stateless to catch existing connections
---
 firewall.user | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/firewall.user b/firewall.user
index ab5cf5c..f67d9b4 100644
--- a/firewall.user
+++ b/firewall.user
@@ -38,10 +38,10 @@ if ! iptables -L ${blocklist_chain_name}; then iptables -N ${blocklist_chain_nam
 # inject references to blocklist in the beginning of input and forward chains
 if ! iptables -L input_rule | grep -q ${blocklist_chain_name}; then
- iptables -I input_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
+ iptables -I input_rule 1 -j ${blocklist_chain_name}
 fi
 if ! iptables -L forwarding_rule | grep -q ${blocklist_chain_name}; then
- iptables -I forwarding_rule 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
+ iptables -I forwarding_rule 1 -j ${blocklist_chain_name}
 fi
 wan_iface=$(uci get network.wan.ifname)
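Review bot: On a host that already carries the old `-m state --state NEW,RELATED -j ${blocklist_chain_name}` jump, the new stateless rule is never inserted, because the surrounding guard `iptables -L input_rule | grep -q ${blocklist_chain_name}` only tests that the chain name appears somewhere in the chain, so the stale stateful rule satisfies it and the "catch existing connections" behaviour does not take effect until something flushes `input_rule` (and likewise `forwarding_rule`). Replace the name grep with an exact-rule check and drop the old form explicitly, e.g. `iptables -D input_rule -m state --state NEW,RELATED -j ${blocklist_chain_name} 2>/dev/null` followed by `iptables -C input_rule -j ${blocklist_chain_name} 2>/dev/null || iptables -I input_rule 1 -j ${blocklist_chain_name}` (`-C` needs iptables 1.4.11+, which I assume the target OpenWrt build has; otherwise use `iptables -S input_rule | grep -qx -- "-A input_rule -j ${blocklist_chain_name}"`). Note also that without the state match every packet of every flow, including established ones, now traverses the blocklist chain, so if that chain is a long list of per-address rules rather than an ipset match (its body is not visible here), this adds per-packet cost on the forwarding path; a comment such as `# intentionally stateless: already-established flows must be cut when an address is added to the blocklist` would record why the match was dropped.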